This year at the Stanford Directors' College, the Rock Center team once again put together an all-star slate covering key issues for corporate board members. The Rock Center's Joe Grundfest, Amanda Packel and Kristen Savelle raise the bar for the event each year. This year, they were joined by a new face, Michael Callahan, former senior vice president and general counsel of LinkedIn (a familiar venue to many readers). Topics this year included insight on #MeToo issues, privacy, shareholder activism, cybersecurity, succession, compensation, and enterprise risk, to name a few. As directors and experts gathered from across the globe to see the greatest governance show on earth, one of the directors stood out—Shellye Archambeau.

Archambeau was one of those speakers where you could hear a pin drop when she was talking. She started off her career at IBM and ran Blockbuster's e-commerce division. She was the CEO of MetricStream for over 15 years, a leading provider of governance, risk, compliance and quality management solutions to corporations across diverse industries. Archambeau currently sits on the boards of MetricStream, Nordstrom Inc. and Verizon Communications. Archambeau is regularly named on Who's Who lists in technology. She attended the Wharton School of the University of Pennsylvania. And she's a gourmet cook and writes a blog that provides career advice, insight and other musings from her career (https://shellyearchambeau.com). She also co-wrote a book, “Marketing That Works: How Entrepreneurial Marketing Can Add Sustainable Value to Any Sized Company,” which describes marketing tools, tactics and strategies to leverage current trends and opportunities and optimize corporate profits and brand development.

Corporate Counsel caught up with Archambeau after the conference and asked for some insight on working with boards.

RM: You previously ran a company called MetricStream for 15 years that can help companies with dashboards and analytics to measure compliance and risk across different functions. Now you are on that company's board, in addition to serving on the boards of Nordstrom Inc. and Verizon Communications. Many in-house counsel struggle with identifying what is important to the board and how to measure compliance and risk. What advice would you give them?

SA: The starting point is to remember that boards are responsible for oversight of a company's compliance and risk programs. Counsel should ensure board members understand the current processes and standards used to form the foundation of their approach. The company should share its formal work plans and the board should have visibility into periodic internal, and where appropriate, external reviews of these programs.

Once that is clear, the focus turns to adequacy and effectiveness. When sharing reports and measurements with the board, counsel should use a subset of those the company uses. The board wants to understand why management feels confident that their practices are sound. They want to ensure that there are formal and anonymous ways to quickly escalate and properly handle issues. Examples of areas for metric inclusion are:

  • Compliance training.
  • Significant customer and employee complaints.
  • Issue tracking and remediation.
  • Testing and internal audit.
  • Privacy incidents.
  • Policy attestations/reviews.

RM: One of the topics you discussed at the Directors' College was the evolving role of audit committees. How has the role changed?

SA: Sarbanes-Oxley ushered in a new world of financial reporting and disclosure. Since then, the audit committee's risk management oversight responsibility has significantly expanded. Global operations combined with companies being held to a higher lever of accountability has led to the need for more risk management rigor across a broad horizon. Geopolitical risks, cybersecurity risk, privacy risks, supplier risks, etc. are often in the top risk quadrant and need understanding and review. Audit committees spend more time on these topics as they struggle to address all areas of responsibility.

RM: One of the topics you spoke about at the conference was a National Association of Corporate Directors study on “Culture as a Corporate Asset.” What are three takeaways from the study?

SA: Number one, culture oversight is a full board responsibility and board directors, together with management, should be proactive in their efforts.

Number two, board directors should review and assess the board as a whole, including key management roles, to ensure the composition of the board, board processes, and key management roles are adequate and positioned appropriately to support a good company culture. Key executives leading legal, risk, compliance and internal controls need enough elevation and board access to effectively execute.

Number three, the board needs to focus not only on the results achieved, but on how they are achieved. Be mindful of unintended consequences that can result from compensation structures and executive directives.

RM: What's your advice to a new general counsel or chief compliance officer presenting to the board on risk and governance?

SA: Focus on crisp yet complete communications. Here is what the board wants to know:

  • What is the situation and why is it a board matter?
  • How is the company handling the situation and why?
  • What are the risks and how are they being managed?
  • What are the implications to the business—short-term and long-term?
  • Going forward, how do we prevent and minimize this type of situation from reoccurring?

RM: As a board member, what key attributes make for a good general counsel?

SA: There are three I will highlight. The first is knowing the business inside-out, so that your advice is well-grounded in context and risk-adjusted to the situation. Second is to be proactive. Offer perspective and counsel during the business discussion when relevant, don't wait to be asked. Third, speak the language of the business, not legal jargon.

Ryan McConnell is a lawyer at R. McConnell Group—a compliance boutique law firm in Houston with Fortune 500 clients across the globe. McConnell is a former assistant U.S. attorney in Houston who has taught criminal procedure and corporate compliance at the University of Houston Law Center. Send column ideas to [email protected]. Follow the firm on Twitter @RMcConnellGroup.